I have a Point of Sale System that's a web application. I also have a separate reporting system that's a web application and a separate inventory system that's a web application. It's necessary to use all 3 to run the business. I want to have single sign-on to make life easier for the users. Would adding single sign-on, via CAS, invalidate the PCI compliance of the POS web application?

1 Answer
In this case, your central authentication server would fall into the covered scope and would need to meet security and logging requirements. That other systems rely on this does not make them in-scope.